diff options
Diffstat (limited to 'id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java')
-rw-r--r-- | id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java | 67 |
1 files changed, 47 insertions, 20 deletions
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java index f3821374a..72a253694 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.demoOA.servlet.pvp2; import java.io.IOException; @@ -20,7 +42,7 @@ import javax.xml.transform.TransformerFactoryConfigurationError; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; -import org.apache.log4j.Logger; +import org.joda.time.DateTime; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.NameIDType; @@ -50,13 +72,12 @@ import at.gv.egovernment.moa.id.demoOA.Constants; import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.AttributeListBuilder; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; import at.iaik.commons.util.MiscUtil; public class BuildMetadata extends HttpServlet { private static final long serialVersionUID = 1L; - private static final Logger log = Logger.getLogger(BuildMetadata.class); - /** * @see HttpServlet#HttpServlet() */ @@ -88,23 +109,29 @@ public class BuildMetadata extends HttpServlet { String name = config.getPVP2MetadataEntitiesName(); if (MiscUtil.isEmpty(name)) { - log.info("NO Metadata EntitiesName configurated"); + Logger.info("NO Metadata EntitiesName configurated"); throw new ConfigurationException("NO Metadata EntitiesName configurated"); } spEntitiesDescriptor.setName(name); spEntitiesDescriptor.setID(idGen.generateIdentifier()); + //set period of validity for metadata information + DateTime validUntil = new DateTime(); + spEntitiesDescriptor.setValidUntil(validUntil.plusDays(7)); + + EntityDescriptor spEntityDescriptor = SAML2Utils .createSAMLObject(EntityDescriptor.class); spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); + //set OA-ID (PublicURL Prefix) as identifier String serviceURL = config.getPublicUrlPreFix(request); if (!serviceURL.endsWith("/")) serviceURL = serviceURL + "/"; - log.debug("Set OnlineApplicationURL to " + serviceURL); + Logger.debug("Set OnlineApplicationURL to " + serviceURL); spEntityDescriptor.setEntityID(serviceURL); SPSSODescriptor spSSODescriptor = SAML2Utils @@ -126,7 +153,7 @@ public class BuildMetadata extends HttpServlet { config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); - log.debug("Set Metadata key information"); + Logger.debug("Set Metadata key information"); //Set MetaData Signing key KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils .createSAMLObject(KeyDescriptor.class); @@ -162,7 +189,7 @@ public class BuildMetadata extends HttpServlet { spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); } else { - log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); } @@ -181,23 +208,21 @@ public class BuildMetadata extends HttpServlet { unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); - + + //set HTTP-POST Binding assertion consumer service AssertionConsumerService postassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); postassertionConsumerService.setIndex(0); postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); - + spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); - spSSODescriptor.setWantAssertionsSigned(true); - spSSODescriptor.setAuthnRequestsSigned(true); - AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class); @@ -207,10 +232,12 @@ public class BuildMetadata extends HttpServlet { serviceName.setName(new LocalizedString("Default Service", "de")); attributeService.getNames().add(serviceName); + //set attributes which are requested attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); - spSSODescriptor.getAttributeConsumingServices().add(attributeService); + + //build metadata DocumentBuilder builder; DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); @@ -237,32 +264,32 @@ public class BuildMetadata extends HttpServlet { response.getOutputStream().close(); } catch (ConfigurationException e) { - log.warn("Configuration can not be loaded.", e); + Logger.warn("Configuration can not be loaded.", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (NoSuchAlgorithmException e) { - log.warn("Requested Algorithm could not found.", e); + Logger.warn("Requested Algorithm could not found.", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (ParserConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); + Logger.warn("PVP2 Metadata createn error", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (TransformerConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); + Logger.warn("PVP2 Metadata createn error", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (TransformerFactoryConfigurationError e) { - log.warn("PVP2 Metadata createn error", e); + Logger.warn("PVP2 Metadata createn error", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (TransformerException e) { - log.warn("PVP2 Metadata createn error", e); + Logger.warn("PVP2 Metadata createn error", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (Exception e) { - log.warn("Unspecific PVP2 Metadata createn error", e); + Logger.warn("Unspecific PVP2 Metadata createn error", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } |